Add cookie to check share link access

fileserver/fileop.go

@@ -3499,7 +3499,7 @@ type ShareLinkInfo struct {
 	ShareType string `json:"share_type"`
 }
 
-func queryShareLinkInfo(token, opType string) (*ShareLinkInfo, *appError) {
+func queryShareLinkInfo(token, cookie, opType string) (*ShareLinkInfo, *appError) {
 	claims := SeahubClaims{
 		time.Now().Add(time.Second * 300).Unix(),
 		true,
@@ -3512,10 +3512,13 @@ func queryShareLinkInfo(token, opType string) (*ShareLinkInfo, *appError) {
 		err := fmt.Errorf("failed to sign jwt token: %v", err)
 		return nil, &appError{err, "", http.StatusInternalServerError}
 	}
-	url := fmt.Sprintf("%s?token=%s&type=%s", seahubURL+"/share-link-info/", token, opType)
+	url := fmt.Sprintf("%s?token=%s&type=%s", seahubURL+"/check-share-link-access/", token, opType)
 	header := map[string][]string{
 		"Authorization": {"Token " + tokenString},
 	}
+	if cookie != "" {
+		header["Cookie"] = []string{cookie}
+	}
 	status, body, err := utils.HttpCommon("GET", url, header, nil)
 	if err != nil {
 		err := fmt.Errorf("failed to get share link info: %v", err)
@@ -3548,7 +3551,8 @@ func accessLinkCB(rsp http.ResponseWriter, r *http.Request) *appError {
 		return &appError{nil, msg, http.StatusBadRequest}
 	}
 	token := parts[1]
-	info, appErr := queryShareLinkInfo(token, "file")
+	cookie := r.Header.Get("Cookie")
+	info, appErr := queryShareLinkInfo(token, cookie, "file")
 	if appErr != nil {
 		return appErr
 	}

server/access-file.c

@@ -1682,7 +1682,8 @@ access_link_cb(evhtp_request_t *req, void *arg)
 
     token = parts[1];
 
-    info = http_tx_manager_query_share_link_info (token, "file");
+    const char *cookie = evhtp_kv_find (req->headers_in, "Cookie");
+    info = http_tx_manager_query_share_link_info (token, cookie, "file");
     if (!info) {
         error_str = "Link token not found\n";
         error_code = EVHTP_RES_FORBIDDEN;

server/http-tx-mgr.c

@@ -580,10 +580,11 @@ parse_share_link_info (const char *rsp_content, int rsp_size)
 }
 
 SeafileShareLinkInfo *
-http_tx_manager_query_share_link_info (const char *token, const char *type)
+http_tx_manager_query_share_link_info (const char *token, const char *cookie, const char *type)
 {
     Connection *conn = NULL;
     char *token_header;
+    char *cookie_header;
     struct curl_slist *headers = NULL;
     int ret = 0;
     CURL *curl;
@@ -609,12 +610,17 @@ http_tx_manager_query_share_link_info (const char *token, const char *type)
     curl = conn->curl;
     headers = curl_slist_append (headers, "User-Agent: Seafile/"SEAFILE_CLIENT_VERSION" ("USER_AGENT_OS")");
     token_header = g_strdup_printf ("Authorization: Token %s", jwt_token);
+    if (cookie) {
+        cookie_header = g_strdup_printf ("Cookie: %s", cookie);
+        headers = curl_slist_append (headers, cookie_header);
+        g_free (cookie_header);
+    }
     headers = curl_slist_append (headers, token_header);
     headers = curl_slist_append (headers, "Content-Type: application/json");
     g_free (token_header);
     curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
 
-    url = g_strdup_printf("%s/share-link-info/?token=%s&type=%s", seaf->seahub_url, token, type);
+    url = g_strdup_printf("%s/check-share-link-access/?token=%s&type=%s", seaf->seahub_url, token, type);
     ret = http_get_common (curl, url, jwt_token, &rsp_status,
                            &rsp_content, &rsp_size, NULL, NULL, TRUE);
     if (ret < 0) {

server/http-tx-mgr.h

@@ -50,5 +50,5 @@ char *
 http_tx_manager_get_nickname (const char *modifier);
 
 SeafileShareLinkInfo *
-http_tx_manager_query_share_link_info (const char *token, const char *type);
+http_tx_manager_query_share_link_info (const char *token, const char *cookie, const char *type);
 #endif